I am developing a secure android application! I want to manage the password in a secure way, which I mean I don't want to save the password or my private key. Is there any good password manager? Or I should generate it myself?
1 Answer
You don't store the password- you login and get returned a token. That token is what you send up for future access. That secures the password without the need for encryption.
If you're more paranoid and want to protect the token as well, use the Andrid Keystore https://developer.android.com/training/articles/keystore.html to secure your private key (and generate the private key on the device, no need/good reason to use the same one on all devices).
answered Aug 20, 2017 at 6:47
